Dear Readers,

As the cyber world rocks the X generation, we here at The Hacker News spin the kaleidoscope of technology news on its axis. Because of that, I get to warmly and appreciatively welcome you to Issue 2 of "The Hacker News Magazine."



The Hacker News was created from the need for up-to-date, informative and practical hacking news and information. We were spinning from the over 50,000 downloads of the first issue of

Aakash Mishra gives us a glimpse at the psychological skill of social engineering

Social engineering is t[…]de of breaking into corporate or personal PCs to gain information. Even companies that have an authentication process, firewalls, VPNs and network monitoring software are subject to the skill of a good social engineer.



In hacking we rely on our technical skill, and in social engineering it is a game of getting your subject to tell you what you want to get into their system.

Social engineering has been employed since the beginning of mankind: the art of trickery or deception for the purpose of information gathering, fraud, or, in modern times, computer system access.

In most cases today the social engineer never comes face to face with their target.



In social engineering we exploit the attributes of the human decision-making process known as "cognitive biases." The engineer creates techniques for attack, some of which I list here:

Pretexting

Pretexting is the ability to create a false scenario that would make a targeted victim feel comfortable giving you information. It is more than simple lying. Often it is impersonating an individual that the targeted victim perceives has the right to know the information. It could be a police officer, bank personnel, tax authorities, or insurance investigators. Sometimes all that is needed is an authoritative and earnest-sounding voice.

Diversion theft 

This technique originated in the East End of London, and thieves who employ it are well rehearsed and extremely effective. Basically, it is the job of the social engineer to divert goods to a different location. The engineer must persuade the administrator or personnel of a transport or courier company to issue instructions for the driver to redirect the consignment or load.

Phishing 

Phishing is a popular email scam that fraudulently obtains private information. An email is sent from an official-looking business warning of some dire consequence if the personal information is not provided. Phishing can involve creating websites that resemble a legitimate organization's site, which convinces the target it must be okay to give financial or personal information.

IVR or phone phishing

This technique uses the phone to recreate a legitimate-sounding business that the intended target is persuaded to call from an email or letter. One technique uses voice prompts to get password or account information, or the person will be transferred to the social engineer posing as the customer service representative for questioning.

Phone phishing is also called vishing.

www.thehackernews.com 
02 | May 2011 | Issue 02 




Baiting 

This technique requires the engineer to leave a malware-infected floppy disk, CD-ROM, or USB flash drive in a place an intended target(s) might pick it up out of curiosity or greed. The titles may be corporate information that would appear to allow the target information that would give financial gain. However presented, once the disk is inserted the user installs malware giving the engineer unfettered access to the target's PC or a company's internal computer network.

Quid pro quo

Quid pro quo is simply "something for something." In other words, the social engineer calls the targeted victim and offers something, maybe money, chocolates, or merchandise, for a password or other personal information. Surprisingly, large numbers of victims readily give this information believing they are getting something in return.

Social Engineering Godfather

Kevin David Mitnick

Kevin David Mitnick (born October 6, 1963) is a controversial computer hacker and convicted criminal in the United States.

Mitnick was convicted in the late 1990s of illegally gaining access to computer networks and stealing intellectual property. Though Mitnick has been convicted of computer-related crimes and possession of several forged identification documents, his supporters argue that his punishment was excessive.





Kevin Mitnick began social engineering, or perhaps discovered his first engineerable situation, at the age of 12. He realized he could bypass the punchcard system used for the Los Angeles bus system: by buying his own punch, he could get free bus rides anywhere in the greater LA area. Social engineering became his primary method of obtaining information, whether it be user names and passwords, modem phone numbers or any number of other pieces of data.

In high school, he was introduced to phone phreaking, the activity of manipulating telephones, which was often used to evade long distance charges for his benefit.

Mitnick broke into his first computer network in 1979, when a friend gave him the phone number for the Ark, the computer system at Digital Equipment Corporation (DEC) used for developing their RSTS/E operating system software. He broke into DEC's computer network and copied DEC's software, for which he was later convicted. This was the first of a series of run-ins with the law.

Acts by Kevin Mitnick:

1.) Using the Los Angeles bus transfer system to get free rides; evading the FBI

2.) Hacking into DEC system(s) to view VMS source code (DEC reportedly spent $160,000 in cleanup costs)

3.) Gaining full admin privileges to an IBM minicomputer at the Computer Learning Center in LA

4.) Hacking Motorola, NEC, Nokia, Sun Microsystems and Fujitsu Siemens systems



Kevin Mitnick is now a professional computer consultant (doing business as Mitnick Security Consulting, LLC).

Interview with the creator of the Social Engineering Toolkit, David Kennedy!

THN Editor: First, tell us about yourself, your experience and what you have produced in the social engineering field?

David: I'm a Director of Information Security for a Fortune 1000 company. Don't let the title fool you, being a Director just means I can focus on the stuff I love which is breaking things. I have a heavy penetration testing and exploitation background dating back to the military intelligence days as well as a security consultant working with a number of Fortune 500 and 1000 companies. As a penetration tester a few years back, social-engineering was a major portion of what I needed to do in order to gain access either physically or through social-engineering attacks against organizations. It's been a blast working in the security community and contributing as much as I can to open source. My philosophy in life is I love what I do and where I work and my goal is to give as much back to the security community and make them successful and help if I can. I'm one of the founders of DerbyCon, a security conference in Louisville, Kentucky, creator of the Social-Engineer Toolkit, Fast-Track, member of the Social-Engineer crew/podcast, and main blog post at http://www.secmaniac.com.



THN Editor: Please explain what Social Engineering is and how we use Social Engineering?

David: Social-engineering simply put is the manipulation of human behavior to achieve some task. For us as penetration testers, social-engineering can be leveraged in multiple capacities to compromise an organization and gain access which typically circumvents the majority of security controls in place in an organization. For me, I leverage social-engineering on a regular basis to identify weaknesses within my security program and user awareness. Most organizations are spending a ton of money on the latest shiny technology that promises to fix their security problems while our humans are finding the easiest way to get

THN Editor: What are the best ways to perform Social Engineering?

David: Social-engineering takes some time to learn and something that requires practice. There's no easy answer on what the best way to social-engineer a victim. When I'm going after an organization I look at what they have on the Internet, who the personnel is, their language, what companies they own, and as much information I can possibly learn from open source intelligence (OSINT). I'll develop a pretext (my attack) based on what I learn and practice it beforehand to make sure it's perfect and flawless. A lot of times leveraging social networking sites in order to learn a lot of information about my targets is beneficial and leveraging trust with people they trust can always make that little bit of a difference.



THN Editor: What are the recent usages of Social Engineering, such as the HBGary hack by Anonymous or RSA hack?

David: I think the most recent one would be the RSA hack where the details are still a bit vague but leveraged spear-phishing in order to target a select amount of people with a Flash zero day. We've seen these attacks become more and more prevalent and something we have been preaching on the social-engineer.org podcast for a large time that these types of attacks are coming and it's going to be something really difficult to protect against.

THN Editor: How did SET (Social Engineering Toolkit) come about and why did you develop it?

David: When SET was first conceived Chris Hadnagy and I were sitting in a chat room on IRC talking together and he mentioned he was starting social-engineer.org to try to bring more awareness and education to the community about social-engineering and how it relates directly to security. We started chatting and found that there really was no tool out there for social-engineering and something that was a huge gap for us as penetration testers. Out of that talk, a raw version of SET was created which was really basic in nature, it had a mass mailer, some PDF exploits and that was really it. Even with its early, early release it got a ton of positive feedback and it has just grown from there. I never thought for one minute that SET would become the lead open source tool in social-engineering and something that penetration testers leverage on a regular basis, it's quite impressive and I'm humbled by it.



THN Editor : Is Social Engineering dangerous ? 



David: Social-engineering is extremely dangerous and THE largest threat that I see in information security to date. As mentioned before, we have a ton of technology in place that is specifically designed to stop buffer overflows (or detect them), catch malware (kind of a joke at this point), and protect our web applications. Yet our user population is still completely vulnerable and clueless on the signs of a breach. A fine balance between technology and user awareness needs to be accomplished and it'll never be 100 percent but it'll be a lot better than an uneducated user population.



THN Editor : How does someone master Social Engineering ? 



David: Social-engineering requires you to change your behavior, remove your barriers, and start to manipulate humans to do your bidding. I know that sounds awful, but use social-engineering in a positive way at your organization to see if you can affect a decision in your manner. Read and learn from studies on behavioral analysis and how humans interact with one another. Use the social-engineer.org framework to help you get the knowledge to expand on. Ultimately it's going to be yourself learning the techniques and applying them on a regular basis and be able to manipulate your own behavior to get a desired outcome from someone else.

THN Editor: Give us an overview of the social engineering tools and what it offers.

David: The Social-Engineer Toolkit (SET) is an open-source Python-driven arsenal for penetration testers aimed at testing how well an organization can withstand a social-engineer attack. SET has a number of attack vectors specifically aimed at targeting the user population. SET aids a penetration tester in social-engineer attacks however doesn't perform it for them. It's up to the penetration tester to perform intelligence gathering and form their pretext in order to have a successful attack. SET has a number of tools and attacks including the Spear Phishing module, Web Attack Vectors, Teensy USB HID, Wireless Attack Vectors, and a number of additional capabilities and features that make SET unique when it comes to social-engineering and penetration testing. SET is being used internationally by penetration testers and a critical tool to them in every capacity as social-engineering is a highly important attack vector to leverage during normal testing.



After that great interview with the creator of the Social Engineering Toolkit, David Kennedy, I wondered how many readers really understand the difference in social engineering as opposed to hacking.



The END 




Visit him at http://www.secmaniac.com/

Test your understanding on Social Engineering

See if you can identify what technique of social engineering was used in the following examples. (Answers at end of article.)



A) You receive an email where the sender is the manager or someone on behalf of the support department of your bank and is presenting a problem that can be resolved with you giving personal information about your account.

B) A person representing your company contacts the shipping company that delivers your merchandise and convinces them that they must deliver a certain delivery to a different address.

C) You get an automated voice call from a familiar company or bank asking you to key in password information or other pertinent information. You could be transferred from this call to a live customer service representative.

D) You are walking by your bank and on the sidewalk you find a computer disk that is titled "Accounts over 100K." This makes you curious and you insert it into your computer to read the information.



E) An attacker calls random numbers at a company claiming to be calling back from technical support. Eventually they will hit someone with a legitimate problem, grateful that someone is calling them back to help them. The attacker will "help" solve the problem and in the process have the user give passwords or account information or type in commands on their computer that give the attacker access or launch malware.

Facing the facts

The truth is social engineering is rarely discussed. People mostly like to talk about cracking and phreaking.

Let's bring social engineering out of the closet and onto discussion blogs. Sharing information, learning the techniques and knowing how to protect yourself from social engineering is the best way to be skilled in this method of hacking.

Answers

A) Pretexting

B) Diversion theft

C) IVR or phone phishing

D) Baiting

E) Quid pro quo










You say you want Revolution ? 



They know your names. . . . You are the Globalized GOVERNMENT sponsored 
corporations and institutions. They know you are guilty of committing atrocities 
(war crimes, torture, toxic dumping and stifling freedom of speech, to name a 
few) against mankind in the name of greed and profit. They see as evidence that 
increased economic globalization and the rise of transnational corporate power 
have created the undeniable climate for corporate human rights abusers. 






They know that predatory corporations are governed first and foremost by the 
codes of supply and demand and show their unadulterated loyalty only to their 
stockholders and the almighty bottom line. They know how corporations have 
amassed great power and influence on public policy and immense power over 
world governments. As corporations are allowed to act like criminals, they have 
the right and the power to stop them. 



As greed-driven multinational corporations and governments engage in the cruelties of greed and corruption, a silent global army of computer technos are using their talents and skills to thwart them. Around the world, in Venezuela, Argentina, India, and the United States and multitudes of other countries, citizen cyber revolutionaries are stepping up to foster democracy and hold corporations accountable for their egregious crimes.

As the American revolutionary Samuel Adams stated, "It does not take a majority to prevail... but rather an irate, tireless minority, keen on setting brushfires of freedom in the minds of men."

Those that have abused power and kneel only to greed should recognize that a new revolution is underway. A growing, fully formed and determined cyber army of many has formed. Their revolution is an insurrection against the cruelties of greed and corruption and is being waged in cyberspace from PCs around the world.

Enter Sony Playstation Network 

If corporate-owned governments and multinational corporations really think that the takedown of Sony PSN was about punishment for spying on their users, they should and must think again.

As any good war strategist might do, it is worth taking a look at the lead-up to one of the biggest, most expensive, most embarrassing, and longest shutdowns in cyber history.

April 16th - Anonymous plans a boycott of Sony

April 22nd - Playstation Network is hacked and shut down

April 26th - Playstation announces 77 million PSN customers information was

April 27th - The Hacker News leaks chat log of PSN hackers

As this is written we are entering day nine of the shutdown, and many users and onlookers are asking questions. If you are not one of the 77 million network users you might be asking, "What is the Playstation Network?" The Sony Playstation Network will connect your Playstation 3 to the internet and to Sony's cloud services.



If you are one of the 77 million users waiting to resume your game playing, you 
might be asking, "How long will the playstation network be down?" A hacker 
might tell you, a revolution takes time. Sony has stated they hope to be back up 
in a week. A hacker might respond to that as an optimistic prediction. 



One thing on most people's minds is the question "Is my data safe?"

Sony complains that the compromised information might be used by the hackers or the information could be sold to a third party. The Hacker News [THN] thinks that if a revolution is afoot, the rebels would not endanger the very people it is trying to protect. Note that Wells Fargo, American Express, and MasterCard have been monitoring cardholders' accounts and have seen no unauthorized activity related to Sony.

Presently, Sony Corporation is facing a class action lawsuit by a group in California for failing to protect users' information. In addition, this shutdown could cost Sony upwards of 24 billion dollars.

As the world watches Sony struggle to resolve their present confounding situation, we must wonder what these cyber warriors are trying to convey. Could it be an "Awakening" inconvenience to the gamers coupled with a hefty monetary loss and inconvenience to Sony? In fact, perhaps they are attempting to send a bigger and more important message to the world.

Could their message be a call to arms? One can only surmise if corporate-owned governments and greed-driven multinational corporations continue to wage war against mankind in the name of greed and profit, then the takedown of Sony PSN appears to have given the cyber army an event to revel in, a probable recruiting tool.

We are Anonymous 

We are Legion 
We do not Forgive 
We do not Forget 



A 71 year old man named Anna Hazare decides to fast unto death unless government rectifies its ills. What does it all mean for India...?

It seemed unlikely that Kisan Baburao Hazare, the oldest of six siblings and of humble beginnings, would ever be in the position of altering government practices with the sound of just two words: "Hunger Strike".

Born in 1940 in the village Ralegan Siddhi, Kisan Baburao Hazare, better known in the world as Anna Hazare, has done just that. Inspired by the works of Vivekananda, Gandhi, and Vinoba Bhave, he became a social worker and activist.

Today Anna Hazare is responsible for the government consideration of the Jan Lokpal bill, which would establish in India a chief ombudsman and anti-corruption panel outside of governmental and political influence.

But he didn't come by this achievement without considerable experience and a persuasive technique of submitting to hunger strikes to bring some enlightenment to Indian politics.



Starting in 1975 and working in Ralegan Siddhi village, he transformed the water 
distribution system which led to a watershed development that brought a solution to 
irrigation problems. 



So influential and progressive was his design that the Indian government plans to develop a model of it for other villages in the country.

In 1991 Hazare was able to expose collusion between forest officials and timber merchants, resulting in suspension of these officials.

In 2003 he entered a fast lasting six days, bringing indictments for corruption against four NCP Ministers of the Congress-NCP Government.

Soon after, Hazare was successful in strengthening the Maharashtra Right to Information Act by entering a hunger strike, again lasting six days, before the government agreed to amend the Right to Information Act to exclude the file notings by the government officials from its purview.

In 2011 Anna Hazare initiated a movement to pass the Jan Lokpal bill; he once again began a 98 hour hunger strike to force the government to pass the Jan Lokpal bill by 15 August 2011.

Shortly after that he demanded an amendment to the electoral law to incorporate the option of "none of the above" in the electronic voting machines during Indian elections.

Sporting these accomplishments, it isn't a wonder that the looters who govern India have put up a united front to derail Hazare and his movement to free India from the clutches of looting and corruption.

As the economic condition of India deteriorates further and further, I implore all Indians to rise up and demand the principles and doctrine of Anna Hazare be instituted and followed.

Anna Hazare cannot single-handedly stop the deep-rooted state of corruption in India. He needs India, the people of India, to stand with him, loudly, and return India's government to its rightful owners.

There could be no truer words of Anna Hazare than these: 

"The ultimate goal of all politics and social work 
should be the upliftment of society and of the nation.'' 

Written by: Mohit Kumar
Edited by: Patti Galle

Q/A

Question : Why should the generation of free love, hippies, and 
political dissent be aware, interested, educated and supportive of 
hacking and other cyber methods of awakening people? 

Answer: These days even 5 year olds have a Facebook profile. As all age groups are regular internet users the internet becomes a critical part of everyone's life. If people don't know how to work online safely then they can be victim of cyber crime any time.

One of the objectives of THN is to bring the reality of security and its consequences to internet users. The generation you refer to in your question is coming along, but they need more education and awareness of the power and the threat of the internet.

I believe we can educate people on how to better protect themselves and bring understanding that just because a big corporation tells you your information is secure, don't be so quick to believe it.

Today we can "hack" into most all systems. The industry is not one step ahead of us... we are one step ahead of them. Time for everyone to realize that governments and corporations that engage in corruption, deception and stealing of citizens' hard-earned dollars will be exposed. It might be fair to say that hackers are the babysitters of the evil of the world. We are watching and we are discovering what these thieves are doing and they are bewildered as to how to cope with it.

Time for all generations, especially the generation of the 1960's that understood government needed an overhaul, to support and utilize the internet to accomplish this.

I believe this current generation can do what others could not. Without firing one shot, gathering in one public square, carrying one protest sign, we can via our computers bring down the out of control unethical behavior of government and corporations.

Patti Galle, 

Content Editor, 

The Hacker News Magazine 







1.) So sorry Sony. Sony Online Entertainment announced that it has lost 12,700 customer credit card numbers as the result of an attack, and roughly 24.6 million accounts may have been breached. Read More @ http://tinyurl.com/3ry9675

2.) Anonymous performs Operation Iran. (The Hacker News gave them a standing ovation.) Op Iran attacked the governmental websites responsible for oppressing freedom of speech, information or ideas. Anonymous timed attacks to coincide with International Workers' Day in the United States. Read More @ http://tinyurl.com/5tsnpsg

3.) DSLReport.com Hacked - the information and review site on high speed Internet services, which operates over 200 forums, has been hit with a blind SQL injection attack, which resulted in the compromise of at least 9000 accounts. Read More @ http://tinyurl.com/3pphma4

4.) Lady G all a twitter about her account being hacked. A hacker gained access to Lady Gaga's Twitter account and began posting a number of spam messages, all written in Spanish. Read More @ http://tinyurl.com/3g55t6a

5.) Hackers try dating. A social networking site, Buddie.me, is hacked and about 15809 emails/passwords have been exposed on the WWW! Read More @ http://tinyurl.com/3qcyu2x

6.) Pakistan Cyber Army derails the Indian train system. PCA hacked into Indian Railway's email system and downloaded all of the confidential emails as well as email addresses and their passwords. Read More @ http://tinyurl.com/3jlv8rt

7.) Hacker does a naughty deed. A 26-year-old man faces 13 felony charges after being accused of hacking into Facebook accounts, stealing photos of young women and posting them on porn sites. Read More @ http://tinyurl.com/6dhs2j5

8.) Hackers eat their own. A Turkish hackers group hacks Cyberhackers.org. Read More @ http://tinyurl.com/3nmbl7j

12.) Hackers are out of this world! The European Space Agency (ESA), established in 1975, was hacked by TinKode. Read More @ http://tinyurl.com/3bnqe7u

13.) WordPress has been hacked, resulting in what the company said was a low-level (root) break-in to several of their servers. Read More @ http://tinyurl.com/3baxshd

14.) Hackers do their own advertising. Epsilon's (marketing services firm) customer lists of major brands compromised. Read More @ http://tinyurl.com/3cg4x4l





15.) Who is babysitting the babysitter? How did a hacker manage to infiltrate one of the world's top computer-security companies? Are RSA products now unsafe to 40 million users? Read More @ http://tinyurl.com/3w8knw6

1.) Metasploit Framework 3.7.0 Released - http://tinyurl.com/3jefl8a

2.) Tor 0.2.2.25-alpha released - http://tinyurl.com/3kv856h

3.) Hack your Sony PSP: ISO Tool v1.975 Released - http://tinyurl.com/3uba3zf

4.) Google Hack Database Tool v1.1 - http://tinyurl.com/3zwevl3

5.) USB Immunizer: Anti-Malware Tool - http://tinyurl.com/3u5c5w3

6.) ArpON 2.2 released - ARP handler inspection - http://tinyurl.com/3dlfe6z

7.) Hydra v6.3 Released with oracle & snmp-enum modules - http://tinyurl.com/3kco72m

8.) PacketManipulator 0.3 released - including Windows Installer - http://tinyurl.com/3kpnewl

9.) Live Hacking DVD v1.3 Beta - Download - http://tinyurl.com/3mm7uqs

10.) Ncrack 0.4 Alpha - New Version download - http://tinyurl.com/3b8n4j6

11.) John the Ripper 1.7.7 new version Released - http://tinyurl.com/4yru624

12.) Microsoft Windows Malicious Software Removal Tool - http://tinyurl.com/3dpkwsh

13.) Cain & Abel 4.9.40 released, Download now - http://tinyurl.com/448wz2u

14.) Pangolin v3.2.3 Released, Download Now - http://tinyurl.com/3nzqgxk

15.) The Social-Engineer Toolkit v1.3.5 Released - http://tinyurl.com/3py5o2e

16.) Infondlinux - Security tools install script for Ubuntu - http://tinyurl.com/3spc4p9

17.) BodgeIt Store: Vulnerable Web Application For PT - http://tinyurl.com/4yh9uh4

18.) fileinfo-gui - Forensic tool for file information - http://tinyurl.com/3ksqn68

19.) THC-Amap v5.3 - application protocol detection Released - http://tinyurl.com/6jwtr9x

20.) Phoenix exploit kit 2.5 leaked, Download Now - http://tinyurl.com/4y2gkrc

21.) Wireshark 1.5.1 Development Release - http://tinyurl.com/4xumg46

22.) OllyDbg 2.01 alpha 3 Released - http://tinyurl.com/3czxq4j

23.) Sqlmap v.0.9 - automatic SQL injection - http://tinyurl.com/3olt5ez

24.) RawCap sniffer for Windows released - http://tinyurl.com/6y5gl7q

25.) WiFite The WEP/WPA Cracker version r68 released - http://tinyurl.com/3zv7ej6

26.) PenTBox 1.4 - Penetration Testing Security Suite Download - http://tinyurl.com/42ydzsx

27. ) DRIL: Domain Reverse IP Lookup Tool Download - http://tinyurl.com/3w5mlvg 
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The Hackers Paradise' hacked by KhantastiC 
On 30 April 201 1, KhantastiC (Pakistani hacker) Hacked into 
http://www.thehackersparadise.com and add his deface page on that. 
Read More @ http://tinyurl.com/3huasms 
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President of Pakistan - Database Hacked By Mohit Pande Aka Toshu 
On 1 may 201 1, Mohit Pande (Indian Hacker) hack Pakistani President's 
Official website and exposed database as hack proof - 
http://pastebin.com/Vta6hVWT Hacked Site - 
http://www.presidentofpakistan.gov.pk/, 
Read More @ http://tinyurl.com/3hylzo6 



Escuela Universitaria Diseno - Spain hacked by Fr0664/FCA, 26740 
emails/passwords Dumped - On 1 may 201 1 , Fr0664/FCA hacked da 
tabase of Escuela Universitaria Diseno - Spain and dump the data- 
base at https://rapidshare.com/files/460080122/esne.edu.7z . 
Read More @ http://tinyurl.com/4y4g7rv 
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Aviation Website Planespotters.net hacked B 
On 29 April 2011, Lionaneesh (Indian Hacker) hacked Planespotte 
and exposed the database at http://pastebin.com/iqqaPway . 
Read More @ http://tinyurl.com/4y4ho5j 



Famous Israeli company websites hacked by OldChildz (Turkish Hackers) 
On 29 April 2011, OldChildz (Turkish hackers) hacked various famous Israeli 
company websites. Read More @ http://tinyurl.com/4xh3t6f 
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Cambridge Networks hacked by Shak [PCA] 
On 27th April 2011, Shak (Pakistani hacker) hacked into 
cambridgewebworks.com and cambridge-networks.co.uk. 
Read More @ http://tinyurl.com/42cslat 



253 websites defaced by imm0rt4l (Indian hacking crew) 
On 27 April 2011, imm0rt4l hacked various sites listed at 
http://pastebin.com/r57UmqZ0 . 
Read More @ http://tinyurl.com/3b5w3nt 
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The Film and Publication Board's (FPB) websi 




On 26th April, The Film and Publication Boa 
(FPB) website, hosted at http://www.fpb.gov.za, had been hacked by 
Dr.KroOoZ - By.NeShTeR / TTG. 
Read More @ http://tinyurl.com/43bg64u 



Pakrail.com database and user details hacked by Angel 4k4 4d0r4b1 3 
Angel (Indian hacker) hacked the database of Pakrail.com on 26th April 
2011. Hacked Database - http://pastebin.com/y6WQ1 Qrr 
Read More @ http://tinyurl.com/3k33kvq 




The Oak Ridge National Laboratory Hacked 
On 22 April 2011, The Oak Ridge National Laboratory got hacked. 
Read More @ http://tinyurl.com/3krw47d 
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20 China government websites hacked by The 077 (HamDi HaCker) 
On 20th April 2011, 20 China government websites got hacked by 
The 077 (HamDi HaCker). Hacked sites list: 
http://pastebin.com/YbyS1Ghm . 
Read More @ http://tinyurl.com/42db5mp 
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CEH Trainer (Centennial Media Training) Got Hacked 
On 12 April a hacker hacked into the website of CEH trainer at 
http://www.cmtraining.com.au/ . 
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Read More @ http://tinyurl.com/3vkz6me 
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70 Indian Websites Hacked By Shadow008 (PakCyberArmy) 



On 10 April 2011, Shadow008 (PakCyberArmy) hacked 70 Indian websites. 
Here is the list of hacked sites - http://pastebin.com/8weEL5Bx . 
Read More @ http://tinyurl.com/3rhznzo 



Cat Techie aka vaidehi sachin's all sites, Security Firm & News 
Company got Hacked 
On 7th April 2011, Cat Techie aka vaidehi sachin's all sites, Security 
Firm & News Company got hacked by Indian l33t Haxors. 
Read More @ http://tinyurl.com/4x67dgk 
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Windows Servers Hacked at The Hartford Insurance Company 

On 7th April 2011, hackers broke into The Hartford insurance 
company and installed password-stealing programs on several of the 
company's Windows servers. 

Read More @ http://tinyurl.com/3qnpl8o 
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Govt of Orissa website Owned by ZHC XtreMist [ZHC] 

On 6th April 2011, the Govt of Orissa website - zssmayurbhanj.gov.in - was 
hacked by ZHC XtreMist [ZHC]. 

Read More @ http://tinyurl.com/3baku2m 
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Security Events 



Belnet Security Conference, 5 May 2011 in Brussels 

Security on the Internet is one of Belnet's highest priorities. Belnet after all has extensive expertise at its disposal in the 
area of Internet security. Moreover, with the expansion of its security services, Belnet wishes to raise awareness on the 
part of the user community with respect to security. 
Therefore Belnet organizes : 
What? Belnet Security Conference 
When? Thursday 5 May 2011 
Where? At Marivaux Hotel, Boulevard Adolphe Max 98, 
1000 Brussels 
Read More @ http://tinyurl.com/3sbqzcg 
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OWASP Hackademic Challenges Project 

The OWASP Hackademic Challenges Project is an open source project that helps you test your knowledge on web 
application security. The competition starts on 21st April and will run for 4 weeks until 15th May. 

Read More @ http://tinyurl.com/3hfd6rp 






Calling All Hackers - Grand Prize in Sunshine State "Hacktacular" Challenge 
Calling all hackers: Data Analyzers, LLC (www.datanalyzers.com) in Orlando, 
Florida, is hosting the Sunshine State "Hacktacular" Challenge with a big prize 
for the top competitor - a full-time job with benefits and relocation allowance 
if you move to Orlando. 
Read More @ http://tinyurl.com/4xes3t4 







The Underground Cyber Hacking Challenge 

0p3nH4x is the first of its kind "underground cyber hacking challenge". A 
challenge by hackers for hackers to test real skills in the field. We are 
challenging all hackers no matter if you are black or white "hatted". It's time to 
prove that your preferred community is not so skid. Deadline for 
registrations for the underground hacking challenge is 8th May 2011 at 00:00 
GMT. Read More @ http://tinyurl.com/4ynukd7 



DerbyCon Security Conference 2011 

Offensive Security will be sponsoring DerbyCon. DerbyCon is a new hacker conference located in 
Louisville, Kentucky. The goal is to bring back an old style, community driven hacker con chock-full of 
amazing talks, live events and all around fun. DerbyCon will be at the Hyatt Regency in Louisville, Kentucky; 
tickets will go on sale at 8:00AM on Friday April 29, 2011 for $125.00 for that weekend and go up to 
$150.00 on the following Monday. Read More @ http://tinyurl.com/3vvlt78 







Hacker pleads after busted with 675K stolen cards 
A Georgia man has pleaded guilty to fraud and identity theft after 
authorities found him in possession of more than 675,000 credit card 
numbers, some of which he obtained by hacking into business networks. 
Read More @ http://tinyurl.com/3eww6kv 






Former Cisco Engineer Arrested for Hacking 

A former Cisco engineer was arrested last year on charges of hacking into his 
former employer's network and is currently awaiting extradition in Canada. 
The charges against Peter Alfred-Adekeye, a British national who worked for 
Cisco before leaving to start his own company, were reported in local Van- 
couver media this week. Read More @ http://tinyurl.com/3sv5evq 



Pakistan president's website hacking case adjourned 

A court here has adjourned the case of a man who hacked into the Pakistan 
president's website and uploaded material defaming Asif Ali Zardari. According to a 
Federal Investigation Agency (FIA) enquiry, the hacker, Shahbaz Khan, had the 
username ADIL/Th3-penetrator and defaced the website 
www.president-of-pakistan.com and uploaded material defaming Zardari and the country. 
Read More @ http://tinyurl.com/4x7e83e 





Hackers steal Dell 1000's customer information 



The personal information of thousands of Australians has been stolen by hackers 
who raided a US-based database company, in what some experts are calling the 
biggest data theft in US history. In a statement, Dell assured its customers that 
credit card, banking and other personally-identifiable information was not at risk 
and remained secure. Read More @ http://tinyurl.com/3cuarjt 
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LINUX NEWS 



Ubuntu 11.04 Released 



For those of you watching Ubuntu's website recently, you may have noticed that a new 
version of the popular and easy to use variant of Linux has surfaced - Natty 
Narwhal. Download : http://www.ubuntu.com/download . 



Read More @ http://tinyurl.com/3s95vl9 
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ESET NOD32 releases Antivirus for Linux 4 

ESET announced the availability of ESET NOD32 Antivirus 4 Business Edition for Linux 
Desktop and ESET NOD32 Antivirus 4 for Linux. ESET NOD32 Antivirus 4 for Linux offers protection 
against cross-platform and emerging threats, enhancing the security of Linux platforms. The 
scanning engine automatically detects and cleans malicious code, including threats designed 
for Windows and Mac based systems. Read More @ http://tinyurl.com/3jqtusb 



GNOME 3.0 Released, Available for Download 
GNOME 3.0 is a major milestone in the history of the GNOME Project. 
The release introduces an exciting new desktop which has been 
designed for today's users and which is suited to a range of modern 
computing devices. Download Now : http://gnome3.org/tryit.html . 
Read More @ http://tinyurl.com/3db52t3 
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Mandriva 2011 Beta 2 is Available for Testing 

Mandriva 2011 beta 2 was supposed to be released a week ago, but the release 
schedule was delayed by last minute defects discovered by the development and testing 
teams. In order to get hold of beta 2, you can visit your favorite Mandriva mirror and 
check devel/iso/2011 . Read More @ http://tinyurl.com/3c388eq 
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SECURITY NEWS 




Google's Chrome 11 fixes $16,500 worth of bugs 

A total of 27 security vulnerabilities are fixed in the latest stable release for Windows, 
Mac, Linux and Chrome Frame. Individual rewards were from $500 up to $3,000 for a 
particularly nasty looking bug that allowed a possible URL bar spoof leading to 
navigation errors and interrupted page loads. 
Read More @ http://tinyurl.com/3hf6vld 



FBI cracks International Bot Network 

The Department of Justice and FBI declared that they have cracked a 
network of hackers who have infected almost 2 million computers with a 
harmful "bot" program, Coreflood, that steals private and monetary data 
from computers. Read More @ http://tinyurl.com/4225elq 





Cyber jihadists could use Stuxnet worm to attack the west 
The worst case scenario is that Al-Qaeda or another organisation could gain 
access to this type of knowledge and information, and make use of it to launch 
attacks on critical infrastructure - like blow up nuclear power plants or do 
something to our food chain. Read More @ http://tinyurl.com/42sf8qn 



McAfee study - India is fourth lowest in security adoption 
According to the report findings, India ranked fourth in terms of lowest levels 
of security adoption after Brazil, France and Mexico, adopting only half as 
many security measures as leading countries such as China, Italy and Japan. 
Concurrently, China and Japan were also among the countries with the 
highest confidence levels in the ability of current laws to prevent or deter attacks 
in their countries. Read More @ http://tinyurl.com/3g5hooh 
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SECURITY NEWS 



Siemens Assisted with Stuxnet's Development, claimed by Iran 
A senior Iranian official accuses Siemens of willingly assisting the Stuxnet 
creators by providing the source code necessary for them to exploit its software. 
"Siemens should explain why and how it provided the enemies with the 
information about the codes of the SCADA software and prepared the ground for a 
cyber attack against us," 
Read More @ http://tinyurl.com/3uhapgd 




Verizon 2011 Data Breach Investigations Report Released 
Data loss through cyber attacks decreased sharply in 2010, but the total 
number of breaches was higher than ever, according to the "Verizon 2011 
Data Breach Investigations Report." These findings continue to demonstrate 
that businesses and consumers must remain vigilant in implementing and 
maintaining security practices. Read More @ http://tinyurl.com/42vlmx2 



India's CBI plans to send teams to US, Europe to trace hackers 
Against the backdrop of the attack on its website by "Pakistan Cyber 
Army", the CBI is considering sending its team to the US and Europe to 
trace hackers involved in the defacement. 
Read More @ http://tinyurl.com/3v673jt 
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New Chinese MBR Rootkit Identified 

A new rootkit that uses the master boot record (MBR) to hide itself has been 
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Read More @ http://tinyurl.com/3vls6ho 
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mail feature Exposed 



This time the Facebook username feature is vulnerable. Not 
only can spam be sent, but this bug can be used to post 
illegitimate messages to Facebook users from their friends or 
from unknown people without the consent of the sender. Read 
More @ http://tinyurl.com/3pqxjxj 







Note : "This isn't a serious flaw, bug or vulnerability but this is proof that websites like Facebook contain security holes." 




0day Exploit Released : Adobe, HP, Sun, Microsoft 
Interix & many more Vendors FTP hackable 
A multiple-vendor libc/glob(3) resource exhaustion (+0day 
remote ftpd-anon) exploit has been released, and this 
exploit can hack the FTP of various vendors like Adobe, HP, Sun, 
Microsoft Interix. 

Read more @ http://tinyurl.com/3kngqjf 



Facebook is not Exclusion, XML Vulnerability 
This isn't a serious flaw, bug or vulnerability, but this 
is proof that even such websites contain security 
holes, and if you look through you can take them 
over. 

Read More @ http://tinyurl.com/5t7fd32 



Microsoft discloses vulnerabilities in Chrome and 

Microsoft has issued two advisories on Chrome 
and Opera, detailing remote code execution and 
information disclosure vulnerabilities. The disclosure is the 
result of the Microsoft Vulnerability Research (MSVR) 
system going live, which is one of the core items within 
their Coordinated Vulnerability Disclosure (CVD) 
program. Read More @ http://tinyurl.com/3hj58bj 
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DHCP client allows shell command injection 
Dhclient versions 3.0.x to 4.2.x allow DHCP servers to 
inject commands, which could allow an attacker to obtain 
root privileges. The problem is caused by incorrect filtering 
of metadata in server response fields. 



Read More @ http://tinyurl.com/3bjsv42 



Multiple vulnerabilities in IBM Tivoli Directory 
Multiple vulnerabilities have been reported 
in IBM Tivoli Directory Server, which can be 
exploited by malicious users to disclose sensitive 
information and by malicious people to cause a 
Denial of Service and compromise a vulnerable 
system. 

Read More @ http://tinyurl.com/3l8f4pm 




Channel.facebook.com cross-site-scripting (XSS) 
vulnerability by Edgard Chammas 

Security researcher Edgard Chammas submitted 
on 02/04/2011 a cross-site-scripting (XSS) vulnerability 
affecting 1.61.channel.facebook.com, which at the 
time of submission ranked 2 on the web according to 
Alexa. It is currently unfixed. 

Read More @ http://tinyurl.com/3o7484g 



Get all Vulnerability News @ 
http://tinyurl.com/6xlnmwz 
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Feedback 



Dear Readers, 

Thank you for being a part of a movement of 
awareness and change. Your support, participation and 
encouragement is why we continue to make 'THE HACKER 
NEWS' the best source of internet security on the web. 

Together we can bring forward the information we 
need to have a sustainable and healthy world. We can't 
wait to bring you next month's edition, "Total Exposure" 
that will cover, in depth, how vulnerable governments and 
corporations are. You won't want to miss it ! 

Please forward our magazine to friends, co-workers, 
bosses, family and businesses you know would enjoy read- 
ing and learning about internet security and the who's 
who of the internet world. In the meantime, thank you. 
You rock! 

The Hacker News Team 



# Email us your feedback/articles at thehackernews@gmail.com 

# Visit our site : http://www.thehackernews.com/ 

# Donate to us, keep us strong : http://tinyurl.com/64b7xs2 

# Join our Facebook page : http://tinyurl.com/6de49r9 

# Follow us on Twitter : https://twitter.com/#!/TheHackersNews 
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